How to get Access to blocked Internet Sites and Blocked Video Services


Have you ever taken a flight where video access is blocked?

Perhaps you are in a European country where a well-known provider blocks Skype to force you to use their phone service?

All you need to get around these suspect practices is to use a standard VPN, and it is easier than you think. I am on a flight right now and am going to try and watch a movie. I am using IPvanish, but there are many VPN services you can use for just a few dollars a month.

Note: There is one more trick required to un-block for some VPN services and some streaming sites. For information about this trick please contact us directly via e-mail, as we are not allowed to publish this trick publicly at this time.

Behind The Scenes, How Many Users Can an Access Point Handle?


Assume you are teaching a class with thirty students, and every one of them needs help with their homework, what would you do? You’d probably schedule a time slot for each student to come in and talk to you one on one (assuming they all had different problems and there was no overlap in your tutoring).

Fast forward to your wireless access point. You have perhaps heard all the rhetoric about 3.5 gigahertz, or 5.3 megahertz?

Unfortunately, the word frequency is tossed around in tech buzzword circles the same way car companies and their marketing arms talk about engine sizes. I have no idea what a 2.5 liter engine is; it might sound cool and it might be better than a 2 liter engine, but in reality I don’t know how to compare the two numbers. So to answer our original question, we first need a little background on frequencies to get beyond the marketing speak.

A good example of a frequency that is also easy to visualize is ripples on a pond. When you drop a rock in the water, ripples propagate out in all directions. Now imagine if you stood in the water, thigh deep across the pond, and the ripples hit your leg once each second. The frequency of the ripples in the water would be 1 hertz, or one peak per second. With access points, there are similar ripples that we call radio waves. Although you can’t see them, like the ripples on the water, they are essentially the same thing: little peaks and valleys of electromagnetic waves going up and down and hitting the antenna of the wireless device in your computer or iPhone. So when a marketing person tells you their AP is 2.4 gigahertz, that means those little ripples coming out of it are hitting your head, and everything else around them, 2.4 billion times each second. That is quite a few ripples per second.

Now in order to transmit a bit of data, the AP actually stops and starts transmitting ripples. One moment it is sending out 2.4 billion ripples per second, the next moment it is not. Now this is where it gets a bit weird, at least for me. The 2.4 billion ripples a second really have no meaning as far as data transmission by themselves; what the AP does is set up a schedule of time slots, let’s say 10 million time slots a second, where it is either transmitting ripples, or it turns the ripple generator off. Everybody that is in communication with the AP is aware of the schedule and all the 10 million time slots. Think of these time slots as dates on your calendar, and if you have a sunny day, call that a one, while if you have a cloudy day call that a 0. Cloudy days are a binary 1 and clear day a binary 0. After we string together 8 days we have a sequence of 1’s and 0’s and a full byte. Now 8 days is a long time to transmit a byte; that is why the AP does not use 24 hours for a time slot, but it could, if we were some laid back hippie society where time did not matter.

So let’s go back over what we have learned and plug in some realistic parameters.
Let’s start with a frequency of 2.4 gigahertz. The fastest an AP can realistically turn this ripple generator off and on is about 1/4 the frequency or about 600 time slots/bits per second. This assumes a perfect world and all the bits get out without any interference from other things generating ripples (like your microwave) or something. So in reality the effective rate might be more on the order of 100 million bits a second.
Now let’s say there are 20 users in the room, sharing the available bits equally. They would all be able to run 5 megabits each. But again, there is overhead switching between these users (sometimes they talk at the same time and have to constantly back off and re-synch). Realistically, with 20 users all competing for talk time, 1 to 2 megabits per user is more likely.

Other factors that can affect the number of users.
As you can imagine the radio AP manufacturers do all sorts of things to get better numbers. The latest AP’s have multiple antennas and run in two frequencies (two ripple generators) for more bits.

There are also often interference problems with multiple AP’s in the area, all making ripples. The transmission of ripples for one AP does not stop at a fixed boundary, and this complexity will cause the data rates to slow down while the AP’s sort themselves out.

For related readings on Users and Access Points:

How Many Users Can a Wireless Access Point Handle?

How to Build Your Own Linux Access Points

How to use Access Points to set up an In-Home Music System

Does Your School Have Enough Bandwidth for On-line Testing?


K through 12 schools are all rapidly moving toward “one for one” programs, where every student has a computer. Couple this with standardized, cloud-based testing services and you have the potential for an Internet gridlock during the testing periods. Some of the common questions we hear are:

How will all these students using the cloud affect our internet resource?

Will there be enough bandwidth for all those students using on-line testing?

What type of QOS should we deploy, or should we buy more bandwidth?

The good news is that most cloud testing services are designed with a fairly modest bandwidth footprint.

For example, a student connection to a cloud testing application will average around 150kbs (kilobits per second).

In a perfect world, a 40 megabit link could handle about 400 students simultaneously doing on-line testing as long as there was no other major traffic.

On the other hand, a video stream may average 1500kbs or more.

A raw download, such as an IOS update, may take as much as 15,000kbs; that is 100 times more bandwidth than the student taking an on-line test.

A common belief when choosing a bandwidth controller to support on-line testing is to find a tool which will specifically identify the on-line testing service and the non-essential applications, thus allowing the IT staff at the school to make adjustments giving the testing a higher priority (QOS). Yes, this strategy seems logical, but there are several drawbacks:

  • It does require a fairly sophisticated form of bandwidth control and can be fairly labor intensive and expensive.
  • Much of the public Internet traffic may be encrypted or tunneled, and hard to identify.
  • Another complication trying to give Internet traffic traditional priority is that a typical router cannot give priority to incoming traffic, and most of the test traffic is from the outside in. We detailed this phenomenon in our post about QOS and the Internet.

The key is not to make the problem more complicated than it needs to be. If you just look at the footprint of the streams coming into the testing facility, you can assume, from our observation, that all streams of 150kbs are of a higher priority than the larger streams, and simply throttle the larger streams. Doing so will ensure there is enough bandwidth for the testing service connections to the students. The easiest way to do this is with a heuristic-based bandwidth controller, a class of bandwidth shapers that dynamically give priority to smaller streams by slowing down larger streams.

The other option is to purchase more bandwidth, or in some cases a combination of more bandwidth and a heuristic based bandwidth controller, to be safe.

Please contact us for a more in-depth discussion of options.

For more information on cloud usage in K-12 schools, check out these posts:

Schools View Cloud Infrastructure as a Viable Option

K-12 Education is Moving to the Cloud

For more information on Bandwidth Usage by Cloud systems, check out this article:

Know Your Bandwidth Needs: Is Your Network Capacity Big Enough for Cloud Computing?

NetEqualizer News: June 2015


June 2015

Greetings!

Enjoy another issue of NetEqualizer News! This month, we announce the 8.3 Release – Expanded RTR, introduce our End of Spring Sale, update you on our DDoS monitoring and prevention technology, and preview our upcoming seminars and conferences. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Spring has been interesting in Colorado this year – if you like to set records for the most rain in 20 years, that is! Luckily, one of my favorite TV channels is The Weather Channel, so I have been enjoying all the storms… With spring coming to an end soon, I look forward to warmer summer weather.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

8.3 Release is G/A

We are very excited to announce that our 8.3 Release – Expanded RTR is now generally available!

The beta tests for the 8.3 Release have gone very well, and we are ready to release the new reporting features to everyone! Here is a comment from one of our beta customers:

“One of the things that really got my attention on the new 8.3 Release was the ability to see, in real-time, the traffic on all my subnets on one screen. I simply created a pool for all the subnets in my network, and I can instantly see the saturation in the dynamic bar charts that update once a second. I know instantly which segments are saturated by glancing at my monitor screen.”

This release expands our current reporting features to include even more useful information, graphs, and tables. Here are just a few of the new additions you’ll find in the 8.3 Release:

1) Top Talkers Report – this has been one of the most requested graphs and was a popular feature of our previous reporting tool, ntop. You can use this feature to see which IP addresses have used the most bandwidth over time.

2) General Penalty Report – we are bringing this one back from the first version of RTR! You can see both IPs that are currently being penalized, as well as a historical count of penalties that have occurred over time.

3) Connection Count Report – NetEqualizer controls P2P traffic by using connection count limits on IP addresses. However, figuring out what limit to set for your network depends on how it’s used. You can use the new Connection Count Report to see how many connections individual IP addresses have, and thus set your connection limit to the appropriate level.

You can read more about all of the features of the 8.3 Release here in the 8.3 Software Update. If you would like to upgrade to 8.3, just click on the button below to send a request to Support.

These features are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


Spring for a Lease in our End of Spring Sale

Our Leasing Program continues to be a popular choice for customers that want to use a NetEqualizer with no long-term commitment, and also want to spread out their costs over each month instead of incurring one upfront expense. If you have ever considered leasing a NetEqualizer, now is the time!

To celebrate two years of the NetEqualizer Leasing Program, all new NetEqualizer Leases started before August 31st, 2015 will get 50% off the 1st month fee.

This offer is subject to availability, and customers must qualify to participate in our Leasing Program.

We also are excited to announce that we have added fiber connectivity to our leasing program, in both the 1Gbps and 10Gbps levels. And, to provide more flexibility in financing for our larger customers, we are now offering an Enterprise-Level Lease, for customers with more than 10,000 end users.

If you are interested in learning more, you can read the details of our Leasing Program here, or contact us below.


DDoS Update

The 8.3 Release also includes our recent Distributed Denial of Service (DDoS) Monitor at no extra charge! In addition, our new DDoS Firewall tool (DFW) can be purchased as an add-on module for an additional fee.

Here are some tips from our security experts for how to handle DDoS attacks, or stop them in the first place:
• Lock out unexpected geographies – Most businesses do not need global availability for their websites.
• If an attack occurs, look for fraud – Sometimes DDoS attacks can be smokescreens for other breaches.
• Route traffic through a system like CloudFlare – Their vast network can help thwart bandwidth overloads.
• Have a plan – Build DDoS into your Disaster Recovery Plan, and know who to call when an attack occurs.

The NetEqualizer can help you have a plan.

The new DDoS Monitor, which comes standard, shows you some basic metrics on the outside intrusion hit rate into your network. It can be used to spot anomalies which would indicate a likely DDoS attack in progress.
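One way to turn an inbound hit rate into an alert, as an added example (not NetEqualizer's DDoS Monitor code). It assumes a constructed log of connection openings in the form `timestamp initiator target`, treats 192.0.2.0/24 as the local network, and uses made-up thresholds.

```python
import ipaddress
from collections import Counter, defaultdict
from statistics import median

# Assumptions for this sketch (none of these values come from the page).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # the protected network
SPIKE_FACTOR = 5   # alert when a minute exceeds 5x the median minute
MIN_HITS = 20      # floor, so a quiet link does not alert on noise


def parse(line):
    """Split 'timestamp initiator target' into (minute, src, dst)."""
    ts, src, dst = line.split()
    return ts[:16], ipaddress.ip_address(src), ipaddress.ip_address(dst)


def hit_rate(lines):
    """Count connections opened from outside toward local hosts, per minute."""
    hits = defaultdict(Counter)
    for line in lines:
        minute, src, dst = parse(line)
        if src not in LOCAL_NET and dst in LOCAL_NET:
            hits[minute][src] += 1
    return hits


def anomalies(hits):
    """Return (minute, hits, distinct_sources) for minutes far above baseline."""
    counts = {minute: sum(c.values()) for minute, c in hits.items()}
    if not counts:
        return []
    baseline = median(counts.values())  # the median is not skewed by one burst
    return [
        (minute, n, len(hits[minute]))
        for minute, n in sorted(counts.items())
        if n >= MIN_HITS and n > SPIKE_FACTOR * baseline
    ]


def sample_log():
    # Constructed data: five quiet minutes, then a burst from 30 sources.
    lines = []
    for m in range(5):
        for k in range(3 + m % 2):
            lines.append(f"2015-06-01T10:0{m}:{k:02d} 203.0.113.{k + 1} 192.0.2.10")
    for k in range(60):
        lines.append(f"2015-06-01T10:05:{k:02d} 198.51.100.{k % 30 + 1} 192.0.2.10")
    # Outbound connection opened by a local host: not an inbound hit.
    lines.append("2015-06-01T10:05:30 192.0.2.77 203.0.113.9")
    return lines


if __name__ == "__main__":
    for minute, n, sources in anomalies(hit_rate(sample_log())):
        print(f"{minute}: {n} inbound hits from {sources} sources")
```

The distinct-source count helps separate a single noisy host from a distributed burst.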

See our detailed blog article on the subject for how this technology works. Here is a screenshot of the DDoS Monitor dashboard:

[Screenshot: DDoS Monitor dashboard]

If you decide you need something more proactive to mitigate a DDoS attack, we have a solution for you! For a one time charge of $3,500, which includes one hour of training and consulting, we install our DDoS Firewall (DFW) feature, which can be configured to block standard DDoS attacks.


NetEqualizer Tech Seminars and Conferences

Our CTO, Art Reisman, will be on-site at Mercersburg Academy in Mercersburg, Pennsylvania during edACCESS Vendor Day, June 24th.

If you have ever been curious about the NetEqualizer, and want to learn more, stop by to talk to Art. We also look forward to visiting with customers as well, so please come by and say hello. You might even get some free NetEqualizer bling from Art!

If you cannot attend the edACCESS conference, but are in the area of South Central Pennsylvania, and would like to meet with Art, email him at:

art@apconnections.net

Art will be in the area for a few days after the conference as well.

How do you tell if edACCESS is right for you? Their mission is to provide support and networking for information technology staff at secondary schools and small colleges. Most edACCESS members come from schools with an FTE of under 1,000 students. So, if that sounds like you, consider attending the 2015 edACCESS Conference.

If you have never been to an edACCESS Conference, you might not know that they are purposely run small (100 attendees maximum) and that they use the peer conference mode.

Here is what they say on the edACCESS website:

“Each edACCESS conference is small, responsive, and participant-driven. Small, because edACCESS conferences are limited to one hundred attendees. Responsive, because half the conference is spent discussing topics chosen by attendees through a careful first-day process. Participant-driven, because we believe that, collectively, we are the experts.”

We hope to see you there!


Best Of The Blog

The Facts and Myths of Network Latency

By Art Reisman – CTO – APconnections

There are many good references that explain how some applications such as VoIP are sensitive to network latency, but there is also some confusion as to what latency actually is as well as perhaps some misinformation about the causes.

In the article below, we’ll separate the facts from the myths and also provide some practical analogies to help paint a clear picture of latency and what may be behind it…

Photo Of The Month
Brighton Beach, UK
This picture was taken by one of our staff on Brighton Beach, UK during our recent Tech Seminar. Brighton Beach features Brighton Pier, which is a pleasure pier that opened in 1899. Here, the ride operators are shown taking a break from work.

Network Provider Outages and DDOS Attacks Dwarf Local Hardware Failure Problems


My Internet Service went down yesterday and I had to revert to my backup provider.

Network Outages due to upstream provider failure are endless…

Comcast Outage for North Denver Fiber cut

Comcast hit with massive Internet outage

Forum discussion about wide spread Internet outage Des Moines Iowa

Spokane Washington 10,000 customers without Internet service

Wide spread Internet outage London, Virgin Media

And even if your provider is not to blame, there are endless hackers out there instigating DDOS attacks, some with an ax to grind, others just for random entertainment.

DDOS attack brings down Web Drive Client New Zealand

DDOS attack brings down Dutch government

DDOS attack interrupts tournament.

Although this sampling of news stories is not very scientific, I could literally spend a month clipping these articles. There are new ones every day, and those are just the major ones that get reported. If I informally poll our customers, almost every single one of them has seen a DDOS attack of some kind in the past year, and all have had some sort of upstream Internet outages within the last couple of years.

Now if I ask how many have had critical Network Equipment go down due to hardware failure, that list shrinks to maybe 1 or 2 percent of our customers. Basically, what this tells me is you have a 100 percent chance of a Network outage for some period of time every year due to a problem upstream with your provider. You have a 2 percent chance due to a hardware failure with your local core Router/Firewall/Bandwidth/Switches.

To put that another way, for every 50 outages caused by external events at your provider beyond your control, you have 1 event due to internal hardware failure.

The solution is to have multiple distinct Internet Providers on hand at all times, so if one goes down you can switch over to the other. As I said there is nothing wrong with the idea of sourcing redundant local equipment, but statistically it is much more important to get a second Internet provider sourced before investing in redundant equipment.

Here is another article highlighting the prevalence of network outages.

Notes:

Although DDOS attacks are provider-independent, your chances of stopping or mitigating the attack are enhanced by having multiple providers.

Other causes of failures:

Yes, wireless topologies are notoriously unstable, and so are applications running on Web Servers, both of which can cause service outages to local users. These types of outages are usually not on the same order as catastrophic hardware failure problems or upstream failures. Outages with wireless equipment and service are usually related to these products getting into a bad state, and are not associated with a complete loss of communication to the outside world. You’ll still need to re-boot these systems to get them back into a good state.

Related Articles: 

The Top Five Causes of Disruption of Internet Service

Five Tips for Defending Against a DDoS Attack

QoS and Your Cloud Applications, the Must Know Facts


When you make the switch to the cloud, you will likely discover that the standard QoS techniques, from the days when services were hosted within your enterprise, will not work on traffic coming in from the public Internet.  Below we detail why, and offer some unique alternatives to traditional router-based QoS. Read on to learn about new QoS techniques designed specifically for the Cloud.

Any QoS designed for the Cloud must address incoming traffic not originating on your Network

Most Internet congestion is caused by incoming traffic, from downloads of data not originating at your facility. Unlike the pre-cloud days, your local router cannot give priority to this data because it has no control over the sending server stream. Yes, you can still control the priority of outgoing data, but if recreational traffic coming into your network comes in at the same priority as, let’s say, a cloud based VOIP call, then when your download link is full, all traffic will suffer.

Likely No Help from your service provider

Even if you asked your cloud hosting service to mark their traffic as priority, your public Internet provider likely will not treat ToS bits with any form of priority. Hence, all data coming from the Internet into your router from the outside will hit with equal priority. During peak traffic times, important cloud traffic will not be able to punch through the morass.

Is there any way to give priority to incoming cloud traffic?

Is QoS over the Internet for Cloud traffic possible? The answer is yes, QoS on an Internet link is possible. We have spent the better part of seven years practicing this art form and while it is not rocket science, it does require a philosophical shift in thinking to get your arms around it.

How to give priority to Cloud Traffic

We call it “equalizing,” or behavior-based shaping, and it involves monitoring incoming and outgoing streams on your Internet link. Priority or QoS is nothing more than favoring one stream’s packets over another stream’s. You can accomplish priority QoS on incoming streams by queuing (slowing down) one stream over another without relying on ToS bits.

How do we determine which “streams” to slow down?

It turns out in the real world there are three types of applications that matter:

1) Cloud based business applications, typically things like databases, accounting, sales force, educational, and VoIP services.

2) Recreational traffic such as Netflix, YouTube

3) Downloads and updates

The kicker that we discovered, and that almost always holds true, is that Cloud based applications will use a fraction of the bandwidth of the video recreational traffic and the downloads. If you can simply spot these non-essential data hogs by size and slow them down a bit, there will be plenty of room for your Cloud applications during peak periods.

How do we ensure that cloud traffic has priority if we can’t rely on QoS bits?

To be honest, we stumbled upon this technique about 12 years ago. We keep track of all the streams coming into your network with what can best be described as a sniffing device. When we see a large stream of data, we know from experience that it can’t be cloud traffic, as it is too large of a stream. Cloud applications by design are rarely large streams, because if they were, the cloud application would likely be sluggish and not commercially viable. With our sniffing device, the NetEqualizer, we are able to slow down the non-cloud connections by adding in a tiny bit of latency, while at the same time allowing the cloud application streams to pass through. The interesting result is that the sending servers (the same ones that ignore ToS bits) will actually sense that their traffic is being delayed in transport and they will back off their sending speeds on their own.
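A small simulation of the size-based shaping described above and in the on-line testing post earlier on this page, as an added example (not NetEqualizer code). The thresholds, latency steps and the simple "throughput falls as round-trip time rises" sender model are assumptions; the stream sizes and link speed are the ones quoted on this page.

```python
from dataclasses import dataclass

# Assumed tuning values, chosen for illustration (not taken from any product).
LINK_KBPS = 40_000         # the 40 megabit link from the testing example
CONGESTED_AT = 0.85        # start penalizing above 85% utilization
RELEASE_AT = 0.70          # start releasing penalties below 70% utilization
LARGE_STREAM_KBPS = 1000   # anything faster than this counts as a large stream
STEP_MS, MAX_MS = 10, 100  # latency added per interval, and its ceiling
BASE_RTT_MS = 40           # assumed round-trip time with no added delay


@dataclass
class Stream:
    name: str
    demand_kbps: float     # what the sender pushes when nothing delays it
    penalty_ms: int = 0    # latency the shaper is currently adding

    @property
    def rate_kbps(self) -> float:
        # Crude sender model: throughput is inversely proportional to
        # round-trip time, so added latency makes the sender back off.
        return self.demand_kbps * BASE_RTT_MS / (BASE_RTT_MS + self.penalty_ms)


def link_load(streams):
    return sum(s.rate_kbps for s in streams)


def equalize_step(streams, link_kbps=LINK_KBPS):
    """One monitoring interval: look only at stream size, never at content."""
    load = link_load(streams)
    for s in streams:
        if load > CONGESTED_AT * link_kbps and s.rate_kbps > LARGE_STREAM_KBPS:
            s.penalty_ms = min(s.penalty_ms + STEP_MS, MAX_MS)
        elif load < RELEASE_AT * link_kbps and s.penalty_ms:
            s.penalty_ms = max(s.penalty_ms - STEP_MS, 0)


def sample_streams():
    # Constructed mix using the per-stream sizes quoted on this page.
    tests = [Stream(f"test-{i}", 150) for i in range(100)]
    videos = [Stream(f"video-{i}", 1500) for i in range(10)]
    return tests + videos + [Stream("download-0", 15_000)]


def simulate(intervals=10):
    streams = sample_streams()
    for _ in range(intervals):
        equalize_step(streams)
    return streams


if __name__ == "__main__":
    print(f"unshaped demand: {link_load(sample_streams()):.0f} kbps")
    shaped = simulate()
    print(f"shaped load:     {link_load(shaped):.0f} kbps")
    for s in shaped:
        if s.penalty_ms:
            print(f"{s.name}: +{s.penalty_ms} ms -> {s.rate_kbps:.0f} kbps")
```

The gap between the two utilization thresholds keeps the shaper from adding and removing latency on alternate intervals.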

For more information or a demo, feel free to contact us at http://www.netequalizer.com.

For further reading on this topic, check out this article: “Traffic Management, Vital in the Cloud”

Miracle Product Fixes Slow Internet on Trains, Planes, and the Edge of the Grid


My apologies for the cheesy lead-in. Just having some lighthearted fun, after my return from a seminar in the UK, and seeing all their news stands with the sensational headlines.

A few years ago I got a call from an agency that maintained the Internet service for the national train service of a European country (Finland).
The scheme they used to provide Internet access on their trains was to put a 4G wireless connection on every train, and then relay the data to a standard WiFi connection for customers on the train. The country has good 4G access throughout, hence this was the most practical way to get Internet to a moving vehicle.

Using this method they were able to pipe “mobile” wifi into the trains running around the country.  When their trains got a bit crowded the service became useless during peak times. All the business travelers on the train were funneling through what was essentially a 3 or 4 megabit connection.

Fortunately, we were able to work with them to come up with a scheme to alleviate the congestion. The really cool part of the solution was that we were able to put a central NetEqualizer at their main data center, and there was no need to put a device on each train. Many of the solutions to this type of problem, either developed internally by satellite providers or by airlines offering WiFi, require a local controller at the user end, thus the cost and the logistics of the solution are much higher than using the centralized NetEqualizer.

We have talked about using a centralized NetEqualizer for MPLS networks, but sometimes it is hard to visualize using a central bandwidth controller for other hub and spoke type connections such as the train problem. If you would like more information on the details we would be more than happy to provide them.
